This article describes how to authenticate directly connected devices or gateway sub-devices by using the unique-certificate-per-device authentication method.

Background information

If you use the unique-certificate-per-device authentication method, you must burn a unique device certificate to each device in advance. A device certificate includes a ProductKey, DeviceName, and DeviceSecret. When you connect a device to IoT Platform, IoT Platform authenticates the device based on the certificate. After the device passes the authentication, IoT Platform activates the device to enable data communication between the device and IoT Platform.

The unique-certificate-per-device authentication method is recommended because of its high level of security.

Process (figure: Device authentication)

Authenticate directly connected devices

  1. Create a product: When you create a product, set the Node Type parameter to Directly Connected Device.
  2. Add a device: Add a device to the created product and obtain the device certificate.
  3. Burn the device certificate to the device.
    1. Download Link SDK for C.
    2. Implement MQTT-based authentication in the device SDK.
    3. Develop the device SDK based on your business requirements. For example, you can develop the following features: over-the-air (OTA) update, sub-device connection, Thing Specification Language (TSL) model, and device shadows.
      For more information, see Link SDK.
    4. Burn the developed device SDK to the device on the production line.
  4. Authenticate the device. After you power on the device and connect the device to IoT Platform, the device sends an authentication request that includes the device certificate information to IoT Platform. For more information, see Establish MQTT over TCP connections and Establish connections over HTTPS.
  5. Activate the device. After IoT Platform authenticates the device and establishes a connection with the device, the device can communicate with IoT Platform by using device topics. For more information, see What is a topic?.

Authenticate sub-devices of a gateway

The authentication method of gateways is the same as that of directly connected devices. This section describes how to authenticate sub-devices by using the unique-certificate-per-device authentication method. In this example, the MQTT protocol is used for communication.

  1. Create products: Create a product for the gateway and a product for the sub-device. When you create the product for the gateway, set Node Type to Gateway Device. When you create the product for the sub-device, set Node Type to Gateway Sub-device.
  2. Add devices: Add devices to the created products and obtain the device certificates.
  3. Burn the device certificates to the devices. In this example, Link SDK for C is used.
    1. Download Link SDK for C.
    2. Implement MQTT-based authentication for the sub-device: In the gateway SDK, initialize an instance to manage the sub-device. You must configure the topological relationship between the gateway and the sub-device and the logon capability of the sub-device.
    3. On the production line, burn the developed gateway SDK to the gateway and burn the sub-device certificate to the sub-device.
  4. Authenticate the gateway and sub-device. After you power on the gateway and sub-device and then connect them to IoT Platform, the gateway sends an authentication request to IoT Platform. The request includes the certificates of the gateway and sub-device.
    For more information about data formats, see Connect sub-devices.
  5. Activate the device. After IoT Platform authenticates the device and establishes a connection with the device, the device can communicate with IoT Platform by using device topics. For more information, see What is a topic?.
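The two procedures above both come down to the same cryptographic step: the device (or, for a sub-device, the gateway acting on its behalf) proves possession of the DeviceSecret by sending an HMAC over its identity and a timestamp, never the secret itself. The following is an added reference model of that step, written here for illustration; it is not Link SDK code and not part of this page. The signing content (key-sorted `clientId`, `deviceName`, `productKey`, `timestamp` pairs), the `securemode`/`signmethod` client-id suffix, and the `/ext/session/.../combine/login` topic are taken as assumptions from the referenced "Establish MQTT over TCP connections" and "Connect sub-devices" documents and should be checked against the SDK you burn to the device. `SAMPLE_CERT` and `SAMPLE_GATEWAY` are constructed values. The `verify_connect` function models the platform-side check, including a freshness window, so that a captured password cannot simply be replayed later.

```python
"""Reference model of unique-certificate-per-device MQTT credentials (constructed example)."""
import hashlib
import hmac
import json
import time

# Constructed sample certificates; real values are issued by the IoT Platform console.
SAMPLE_CERT = {
    "productKey": "a1ExampleKey",
    "deviceName": "dev001",
    "deviceSecret": "0123456789abcdef0123456789abcdef",
}
SAMPLE_GATEWAY = {
    "productKey": "a1GatewayKey",
    "deviceName": "gw001",
    "deviceSecret": "fedcba9876543210fedcba9876543210",
}

_DIGESTS = {"hmacsha1": hashlib.sha1, "hmacsha256": hashlib.sha256, "hmacmd5": hashlib.md5}


def _sign(secret: str, fields: dict, method: str = "hmacsha256") -> str:
    """HMAC over the fields concatenated as name+value in lexical name order (assumed layout).
    The DeviceSecret is only ever used as the HMAC key; it never leaves the device."""
    content = "".join(f"{name}{fields[name]}" for name in sorted(fields))
    return hmac.new(secret.encode(), content.encode(), _DIGESTS[method]).hexdigest()


def mqtt_connect_params(cert: dict, client_id: str = None, timestamp: int = None,
                        secure_mode: int = 2) -> dict:
    """Build the MQTT CONNECT clientId/username/password for a directly connected device.
    secure_mode 2 is assumed to mean TLS and 3 plain TCP; prefer 2 so the signature is
    not observable on the wire at all."""
    client_id = client_id or cert["deviceName"]
    ts = str(timestamp if timestamp is not None else int(time.time() * 1000))
    fields = {"clientId": client_id, "deviceName": cert["deviceName"],
              "productKey": cert["productKey"], "timestamp": ts}
    return {
        "clientId": f"{client_id}|securemode={secure_mode},signmethod=hmacsha256,timestamp={ts}|",
        "username": f"{cert['deviceName']}&{cert['productKey']}",
        "password": _sign(cert["deviceSecret"], fields, "hmacsha256"),
    }


def verify_connect(params: dict, lookup_secret, now_ms: int = None,
                   max_skew_ms: int = 5 * 60 * 1000) -> bool:
    """Model of the platform-side check: recompute the HMAC from the stored secret and
    reject stale timestamps. lookup_secret(productKey, deviceName) returns the secret."""
    try:
        device_name, product_key = params["username"].split("&", 1)
        client_id, opts, _ = params["clientId"].split("|")
        kv = dict(item.split("=", 1) for item in opts.split(","))
        method = kv["signmethod"]
        ts = int(kv["timestamp"])
    except (KeyError, ValueError):
        return False
    if method not in _DIGESTS:
        return False
    now = now_ms if now_ms is not None else int(time.time() * 1000)
    if abs(now - ts) > max_skew_ms:  # replayed or badly skewed timestamp
        return False
    secret = lookup_secret(product_key, device_name)
    if secret is None:
        return False
    fields = {"clientId": client_id, "deviceName": device_name,
              "productKey": product_key, "timestamp": str(ts)}
    expected = _sign(secret, fields, method)
    # Constant-time comparison so a wrong guess leaks nothing through timing.
    return hmac.compare_digest(expected, params["password"])


def subdevice_login(gateway_cert: dict, sub_cert: dict, msg_id: str = "1",
                    timestamp: int = None) -> tuple:
    """Gateway-proxied login for a sub-device over the gateway's MQTT session.
    Topic and payload layout are assumed from 'Connect sub-devices'. The sub-device's own
    secret signs its own identity, so a gateway cannot log in a sub-device whose
    certificate it does not hold."""
    ts = str(timestamp if timestamp is not None else int(time.time() * 1000))
    client_id = sub_cert["deviceName"]
    fields = {"clientId": client_id, "deviceName": sub_cert["deviceName"],
              "productKey": sub_cert["productKey"], "timestamp": ts}
    topic = f"/ext/session/{gateway_cert['productKey']}/{gateway_cert['deviceName']}/combine/login"
    payload = {"id": msg_id, "params": {
        "productKey": sub_cert["productKey"], "deviceName": sub_cert["deviceName"],
        "clientId": client_id, "timestamp": ts, "signMethod": "hmacsha256",
        "sign": _sign(sub_cert["deviceSecret"], fields, "hmacsha256"),
        "cleanSession": "true"}}
    return topic, json.dumps(payload)


if __name__ == "__main__":
    p = mqtt_connect_params(SAMPLE_CERT, timestamp=1700000000000)
    print(p)
    print(verify_connect(p, lambda pk, dn: SAMPLE_CERT["deviceSecret"], now_ms=1700000001000))
    print(subdevice_login(SAMPLE_GATEWAY, SAMPLE_CERT, timestamp=1700000000000))
```

Running the block prints the CONNECT parameters, the platform-side verdict for a fresh connection, and the gateway-side login message for the sub-device; the same `_sign` helper serves both the direct-device and the sub-device path, which is the point of the shared certificate format.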